When a peer requests a certificate from the local gateway, we first

lookup a cert from /etc/iked/certs/ that is signed by a requested CA.
As a second step we also compare the subjectAltName of any found
certificate now to match the local srcid; this allows to have multiple
certs for the same CA but different srcids in the certs/ directory but
enforces that the subjectAltName has to be set correctly.

requested by jsg@

0 files changed, 0 insertions, 0 deletions